Privacy Policy

1. Who Is Responsible For Your Data

Costa Villa is published under Mean CEO, trade name Mean CEO.

• Legal entity: Mean CEO
• Trade name: Mean CEO
• Registration number: 96682426
• VAT/tax number: NL005225131B76
• Public contact route: the contact form on this website

Violetta Bonenkamp and Dirk-Jan Bonenkamp are the public people connected to Costa Villa. In this policy, “we”, “us”, and “our” refer to Costa Villa as operated under Mean CEO.

2. Personal Data We Collect

We may collect personal data that you provide through the website or during follow-up communication, including:

• name;
• email address;
• phone number or WhatsApp number, if provided;
• buyer goal;
• preferred Cyprus areas;
• property type;
• budget range;
• timing;
• message content;
• privacy acknowledgement;
• communication history;
• property preferences, shortlist criteria, or documents you choose to send later.

We may also process basic technical data, such as IP address, browser type, device information, pages visited, timestamps, security logs, and server logs.

3. How We Collect Data

We collect data when you submit a request through the website form, use the contact page, reply by email, phone, WhatsApp, or another channel you choose, send additional information during follow-up, or visit the website where technical and security logs may be created automatically.

The request form may be provided through a contact form service. The website may run on WordPress and use technical hosting, security, and performance services.

4. Why We Use Personal Data

We use personal data to respond to your property inquiry, understand your buyer criteria, prepare follow-up questions, search notes, or a private shortlist, route your request to the right next step when appropriate, manage communication, operate and protect the website, understand search performance through tools such as Google Search Console, and keep records where needed for legal, tax, administrative, or dispute purposes.

5. Legal Grounds

We process personal data only where there is a legal ground to do so. Depending on the situation, this may include taking steps before entering into an agreement, performing an agreement with you, our legitimate interest in responding to inquiries, operating the website, and protecting the service, your consent where requested, or compliance with a legal obligation.

6. Tools And Service Providers

We may use service providers for website hosting, WordPress operation, form handling, email, communications, security, analytics, search performance, bookkeeping, or professional support.

These providers may process personal data only where necessary for their role. We aim to use providers that apply appropriate privacy and security safeguards.

7. Sharing Personal Data

We do not sell your personal data.

We may share personal data only when needed to operate the website or contact form, communicate with you, provide requested follow-up, get technical, legal, tax, or administrative support, comply with the law, or protect our rights, users, or systems.

If your request later needs to be shared with a third-party property, legal, tax, finance, or relocation professional, we will make the role of that third party clear before sharing details beyond what is necessary.

8. Email And WhatsApp

Email, phone, and WhatsApp are practical communication channels, but they are not secure document portals. Please do not send unnecessary sensitive personal data unless we specifically ask for it and explain why it is needed.

If you use WhatsApp or another third-party communication service, that provider may process data under its own privacy policy.

9. Retention

We keep personal data only for as long as reasonably necessary for the purpose for which it was collected.

Inquiry data may be kept while your request is active and for a reasonable period afterward, in case you return with follow-up questions. Some records may be kept longer where required for legal, tax, accounting, security, or dispute purposes.

10. Security

We take reasonable technical and organisational measures to protect personal data against loss, misuse, unauthorised access, alteration, or disclosure.

No website, form, email system, or communication channel can be guaranteed to be completely secure.

11. Your Privacy Rights

Depending on your situation and applicable law, you may have the right to request access to your personal data, ask us to correct inaccurate data, ask us to delete data, restrict or object to processing, withdraw consent where processing is based on consent, or request data portability where applicable.

You can contact us through the website contact form to make a privacy request. We may need to verify your identity before responding.

12. Complaints

If you have a concern about how we handle personal data, please contact us first through the contact form so we can review it.

You may also have the right to complain to a data protection authority. In the Netherlands, this is the Autoriteit Persoonsgegevens.

13. Changes To This Policy

We may update this Privacy Policy when the website, forms, tools, services, or legal requirements change. The latest version will be published on this page.